Thunderbird 38.5.0 is now available / special notice
R Kent James
kent at caspia.com
Tue Dec 29 18:46:55 UTC 2015
My understanding is that later Microsoft OSes will accept installs of
apps signed with SHA-1 certificates for a limited amount of time, but
only if they were signed prior to 2016-01-01. So what you describe
applies to later Microsoft OSes, not XP SP2. That OS knows nothing of
any of this, and has no support for SHA-2 certificates (hence will fail
with our latest apps that are signed using SHA-2). Per Microsoft:
"I am still targeting software for distribution to Windows XP SP1, SP2
and Windows Server 2003. How might I be affected by these requirements?
The deprecation policies will not be targeted at those systems. Those
systems however do not have SHA-2 support and no patch is available to
add that support either. Developers can use SHA-1 code signing
certificates and SHA-1 file hashes to sign their code. SHA-1 timestamps
should be used as well."
"Windows trusts SHA1 (if timestamped prior to 1/1/2016) and SHA-2 (any
timestamp)" for Code Signing certificates.
Nevertheless, there seems to be a lot of confusion about what all of
this really means.
On 12/29/2015 3:53 AM, Gervase Markham wrote:
> On 23/12/15 21:01, R Kent James wrote:
>> One possibility is to drop support completely for XP SP2 or earlier. The
>> other option is to have additional builds, signed with older
>> certificates, that will install on XP SP2 or earlier. That solution
>> might only be valid for another year or so, however.
> If you are going to make such builds, they need to exist before midnight
> on December 31st :-) You may be able to use existing builds, of course.